This copy is for your personal non-commercial use only. To order presentation-ready copies of Toronto Star content for distribution to colleagues, clients or customers, or inquire about permissions/licensing, please go to: www.TorontoStarReprints.com

Privacy complaints, data breaches jump: Watchdog Jennifer Stoddart

Record delays in accessing personal information held by Ottawa, along with more than six dozen breaches of sensitive data last year alone, show Canada&rsquo;s privacy laws are in dire need of updating, a federal watchdog says.

Privacy Commissioner Jennifer Stoddart, pictured in March 2012, says complaints to her office jumped 39 per cent last year, while the number of reported breaches of personal data held by government departments also increased. (Sean Kilpatrick / THE CANADIAN PRESS)

By Kenyon WallaceToronto Star

Thu., Oct. 4, 2012

Record delays in accessing personal information held by Ottawa, along with more than six dozen breaches of sensitive data last year alone, show Canada’s privacy laws are in dire need of updating, a federal watchdog says.

In her annual report tabled Thursday, Canada’s privacy commissioner Jennifer Stoddart paints a troubling picture of a bureaucracy governed by obsolete legislation that provides few incentives to report when data has been compromised and offers little recourse to citizens if their personal information is misused.

Stoddart’s office received 986 complaints about the government’s handling of private information last year — a 39 per cent increase over the previous year — most of them targeting the Correctional Service Canada, the RCMP, National Defence and the Canada Revenue Agency. The majority of complaints centered on problems citizens encountered while trying to access information about themselves held by government departments and the amount of time it took to get a response.

Meanwhile, data breaches involving government-controlled personal information were at their highest level in recent years, with 80 reported cases in 2011-12 — a 25 per cent increase over the previous year.

But because the reporting of data breaches is voluntary, the commissioner’s office was unable to determine if the number of breaches actually increased or whether departments took more initiative in reporting them.

Article Continued Below

“We have no idea what part of the actual data breaches going on we see or know about,” Stoddart told the Toronto Star. “It could be the tip of the iceberg and many may be simply shoved to the background.”

Her report also highlights problems at a number of government departments, including the Canada Revenue Agency, which saw an 23 per cent increase in complaints last year.

In one instance, a woman lodged a complaint with the CRA after she learned that her tax information had been accessed by a government employee now living with her ex-husband. The CRA took 13 months to investigate and failed to inform the woman about the results of the investigation.

“Year after year, people come to us with complaints that somebody has been looking into their tax files, somebody they know personally or someone who is part of their community,” Stoddart said. “This has to be stopped.

“It’s not acceptable for Canadians to give their personal information under law to the government and then not have really strong safeguards about who’s using it and who’s misusing it, and not to have any real remedy if it’s misused.”

Compounding the problem is Canada’s 30-year-old Privacy Act — legislation Stoddart calls “almost totally obsolete” — created before the widespread use of personal computers and the Internet. She laments the lack of government action to despite numerous calls by her office to revamp the law.

Stoddart said the department now has a comprehensive privacy management program and appears to be taking its obligation to protect veterans’ private information seriously.

Avner Levin, director of Ryerson University’s Privacy and Cyber Crime Institute, says the commissioner’s concerns will do little to encourage government departments and institutions to part with information or diligently report data breaches.

“There is a tendency in any organization to say, ‘We’re not going to share that.’ I think all organizations are guilty of this, not just the public sector,” said Levin, noting that government departments tend to take a very rigid interpretation of privacy law.

The Toronto Star and thestar.com, each property of Toronto Star Newspapers Limited, One Yonge Street, 4th Floor, Toronto, ON, M5E 1E6. You can unsubscribe at any time. Please contact us or see our privacy policy for more information.

More from the Toronto Star & Partners

LOADING

Copyright owned or licensed by Toronto Star Newspapers Limited. All rights reserved. Republication or distribution of this content is expressly prohibited without the prior written consent of Toronto Star Newspapers Limited and/or its licensors. To order copies of Toronto Star articles, please go to: www.TorontoStarReprints.com